Polynomial Linear System Solving with Errors by Simultaneous - - PowerPoint PPT Presentation

Polynomial Linear System Solving with Errors by Simultaneous Polynomial Reconstruction

• f Interleaved Reed-Solomon Codes.

Ilaria Zappatore a joint work with Eleonora Guerrini LIRMM, Montpellier

Journées Nationales de Calcul Formel 2019 CIRM, Luminy.

Table of contents

• 1. Polynomial linear system solving

The evaluation/interpolation method Polynomial linear system solving with errors Generalization of BW decoding for Reed Solomon codes

• 2. Generalization of the decoding of interleaved RS codes

Interleaved Reed Solomon codes Decoding interleaved RS codes Our method

• 3. Experiments and conclusions

1

Polynomial linear system solving

Polynomial linear system

Fixed a fjnite fjeld Fq, m ≥ n ≥ 1, we consider the problem of solving a full rank consistent polynomial linear system A(x)y(x) = b(x)       a1,1(x) a1,2(x) . . . a1,n(x) a2,1(x) a2,2(x) . . . a2,n(x) . . . . . . . . . . . . am,1(x) am,2(x) . . . am,n(x)             y1(x) y2(x) . . . yn(x)       =       b1(x) b2(x) . . . bm(x)       where,

• A(x) is a full rank m × n matrix whose entries are polynomials in

Fq[x],

• b(x) is an m-th vector of polynomials in Fq[x].

2

Polynomial linear system

Fixed a fjnite fjeld Fq, m ≥ n ≥ 1, we consider the problem of solving a full rank consistent polynomial linear system A(x)y(x) = b(x) There is a unique rational solution y(x) := f(x) g(x) =       

f1(x) g(x) f2(x) g(x)

. . .

fn(x) g(x)

       where g(x) is the monic least common denominator and GCD(f, g) = GCD(GCDi(fi), g) = 1. (1) Our aim is to fjnd the polynomials f and g such that A(x)f(x) = g(x)b(x).

3

Polynomial linear system

Fixed a fjnite fjeld Fq, m ≥ n ≥ 1, we consider the problem of solving a full rank consistent polynomial linear system A(x) f(x) g(x) = b(x) There is a unique rational solution y(x) := f(x) g(x) =       

f1(x) g(x) f2(x) g(x)

. . .

fn(x) g(x)

       where g(x) is the monic least common denominator and GCD(f, g) = GCD(GCDi(fi), g) = 1. (1) Our aim is to fjnd the polynomials f and g such that A(x)f(x) = g(x)b(x).

3

Evaluation/Interpolation

Fix L ≥ df + dg + 1 distinct evaluation points {α1, α2, . . . , αL}, where

• df ≥ max1≤i≤n deg(fi),
• dg ≥ deg(g).

we can uniquely reconstruct f and g by

• evaluating the polynomial matrix A(x) and b(x) at αl, 1 ≤ l ≤ L
• solving the evaluating system

A

l 1 l 2 l n l l b l l 1 L

• interpolating from the evaluated solution the parametric one.

4

Evaluation/Interpolation

Fix L ≥ df + dg + 1 distinct evaluation points {α1, α2, . . . , αL}, where

• df ≥ max1≤i≤n deg(fi),
• dg ≥ deg(g).

we can uniquely reconstruct f and g by

• evaluating the polynomial matrix A(x) and b(x) at αl, 1 ≤ l ≤ L
• solving the evaluating system

      A(αl)       ϕ1(αl) ϕ2(αl) . . . ϕn(αl)       − ψ(αl)b(αl) = 0      

l∈{1,...,L}

• interpolating from the evaluated solution the parametric one.

4

Evaluation/Interpolation

Fix L ≥ df + dg + 1 distinct evaluation points {α1, α2, . . . , αL}, where

• df ≥ max1≤i≤n deg(fi),
• dg ≥ deg(g).

we can uniquely reconstruct f and g by

• evaluating the polynomial matrix A(x) and b(x) at αl, 1 ≤ l ≤ L
• solving the evaluating system

      A(αl)       ϕ1(αl) ϕ2(αl) . . . ϕn(αl)       − ψ(αl)b(αl) = 0      

l∈{1,...,L}

• interpolating from the evaluated solution the parametric one.

4

Polynomial linear system solving with errors

흰l bl Al

=A(흰l) ≠A(흰l) =b(흰l) ≠b(흰l)

Erroneous evaluation An evaluation point αl is erroneous if Alf(αl) = g(αl)bl E := |{l | Alf(αl) = g(αl)bl}|. Since Al is full rank1 for any l, Alf(αl) = g(αl)bl = ⇒ Al = A(αl) or/and bl = b(αl).

1We omit the rank drops study.

5

Polynomial linear system solving with errors

How many evaluation points? [BK14] and [Kal+17] proved that with L ≥ LBK := df + dg + 2e + 1 evaluation points, it is possible to uniquely reconstruct f and g.

• df ≥ max1≤i≤n deg(fi),
• dg ≥ deg(g),
• e ≥ |E| := |{l | Alf(αl) = g(αl)bl}|

6

Polynomial linear system solving with errors

Main idea

• For any correct evaluations we have

Alf(αl) = g(αl)bl

• let

be the error locator polynomial,

l E

x

l

that is monic and has degree deg e;

• we put for any l

1 L , Al f

l l

l

g

l l

l

bl where deg df e and deg dg e.

7

Polynomial linear system solving with errors

Main idea

• For any correct evaluations we have

Alf(αl) = g(αl)bl

• let Λ be the error locator polynomial,

Λ :=

• l∈E

(x − αl), that is monic and has degree deg(Λ) ≤ e;

• we put for any l

1 L , Al f

l l

l

g

l l

l

bl where deg df e and deg dg e.

7

Polynomial linear system solving with errors

Main idea

• For any correct evaluations we have

Alf(αl) = g(αl)bl

• let Λ be the error locator polynomial,

Λ :=

• l∈E

(x − αl), that is monic and has degree deg(Λ) ≤ e;

• we put for any l ∈ {1, . . . , L},

Al f(αl)Λ(αl)

• ϕ(αl)

= g(αl)Λ(αl)

• ψ(αl)

bl where deg(ϕ) ≤ df + e and deg(ψ) ≤ dg + e.

7

Polynomial linear system solving with errors

Theorem [BK14] Assume that

• the number of erroneous evaluations is ≤ e,
• the number of the correct evaluations for which Al is full rank is

≥ df + dg + e + 1 Let (ϕmin, ψmin) be a solution of          A1ϕ(α1) − ψ(α1)b1 = 0 . . . ALϕ(αL) − ψ(αL)bL = 0 where ψmin is scaled to have leading coeffjcient 1 in x and it has minimal degree of all such solutions. Then ϕmin = Λf, ψmin = Λg

8

Reed Solomon Codes

Let Fq be a fjnite fjeld. Fixed:

• df < L ≤ q,
• L evaluation points, {α1, . . . , αL},

The Reed Solomon Code of length L and dimension df + 1 is the set RSq := {(f(α1), . . . , f(αL)) | f ∈ Fq[x], deg(f) ≤ df}.

f0 f1 … fdf

∑0≤i≤dffixi

f(흰1) f(흰2) f(흰3) f(흰4) … f(흰L)

The Reed Solomon code is Maximum Distance Separable (MDS), i.e. it matches the Singleton bound. Its error correction capability is eRS ≤ L − df − 1 2

9

Polynomial linear system solving with errors

The [BK14] method is a generalization of the Berlekamp-Welch decoding for Reed Solomon codes. If m = n = 1, A = I1, g constant polynomial 1, Recover the solution of the polynomial linear system

• Decoding of Reed Solomon code

b1 b2 b3 b4 … bL

10

Polynomial linear system solving with errors

The [BK14] method is a generalization of the Berlekamp-Welch decoding for Reed Solomon codes. If m = n = 1, A = I1, g constant polynomial 1, Recover the solution of the polynomial linear system

• Decoding of Reed Solomon code

f(흰1) f(흰3)

…

f(흰L)

10

Generalization of the decoding of interleaved RS codes

Our approach

A(x)f(x)=g(x)b(x)

Berlekamp-Welch decoding Reed Solomon codes Boyer et al. (2014) Kaltofen et al. (2017) 흰l bl Al

=A(흰l) ≠A(흰l) =b(흰l) ≠b(흰l)

Our purpose is to reconstruct the solution using a technique, inspired by the [BKY03] decoding of interleaved RS codes.

11

Our approach

A(x)f(x)=g(x)b(x)

Berlekamp-Welch decoding Reed Solomon codes Boyer et al. (2014) Kaltofen et al. (2017) 흰l bl Al

=A(흰l) ≠A(흰l) =b(흰l) ≠b(흰l)

Decoding of interleaved Reed Solomon codes This work

Our purpose is to reconstruct the solution using a technique, inspired by the [BKY03] decoding of interleaved RS codes.

11

Interleaved RS codes

f1(𝝱1) f1(𝝱2) f1(𝝱3) f1(𝝱4) … f1(𝝱L) f2(𝝱1) f2(𝝱2) f2(𝝱3) f2(𝝱4) … f2(𝝱L) f3(𝝱1) f3(𝝱2) f3(𝝱3) f3(𝝱4) … f3(𝝱L) fn(𝝱1) fn(𝝱2) fn(𝝱3) fn(𝝱4) … fn(𝝱L) n codewords of RS[L,df+1]q

12

Interleaved RS codes

f1(𝝱1) f1(𝝱2) f1(𝝱3) f1(𝝱4) … f1(𝝱L) f2(𝝱1) f2(𝝱2) f2(𝝱3) f2(𝝱4) … f2(𝝱L) f3(𝝱1) f3(𝝱2) f3(𝝱3) f3(𝝱4) … f3(𝝱L) fn(𝝱1) fn(𝝱2) fn(𝝱3) fn(𝝱4) … fn(𝝱L) n codewords of RS[L,df+1]q

f(𝝱1)∈(𝔾q)n f(𝝱1)

12

Interleaved RS codes

f1(𝝱1) f1(𝝱2) f1(𝝱3) f1(𝝱4) … f1(𝝱L) f2(𝝱1) f2(𝝱2) f2(𝝱3) f2(𝝱4) … f2(𝝱L) f3(𝝱1) f3(𝝱2) f3(𝝱3) f3(𝝱4) … f3(𝝱L) fn(𝝱1) fn(𝝱2) fn(𝝱3) fn(𝝱4) … fn(𝝱L) n codewords of RS[L,df+1]q

f(𝝱2)∈(𝔾q)n f(𝝱1) f(𝝱2)

12

Interleaved RS codes

f1(𝝱1) f1(𝝱2) f1(𝝱3) f1(𝝱4) … f1(𝝱L) f2(𝝱1) f2(𝝱2) f2(𝝱3) f2(𝝱4) … f2(𝝱L) f3(𝝱1) f3(𝝱2) f3(𝝱3) f3(𝝱4) … f3(𝝱L) fn(𝝱1) fn(𝝱2) fn(𝝱3) fn(𝝱4) … fn(𝝱L) n codewords of RS[L,df+1]q

f(𝝱1) f(𝝱2) f(𝝱L)∈(𝔾q)n f(𝝱3) f(𝝱4) … f(𝝱L) 12

Interleaved RS codes

f1(𝝱1) f1(𝝱2) f1(𝝱3) f1(𝝱4) … f1(𝝱L) f2(𝝱1) f2(𝝱2) f2(𝝱3) f2(𝝱4) … f2(𝝱L) f3(𝝱1) f3(𝝱2) f3(𝝱3) f3(𝝱4) … f3(𝝱L) fn(𝝱1) fn(𝝱2) fn(𝝱3) fn(𝝱4) … fn(𝝱L)

f(𝝱1) f(𝝱2) f(𝝱L)∈(𝔾q)n f(𝝱3) f(𝝱4) … f(𝝱L)

n codewords of RS[L,df+1]q codeword of interleaved RS code over 𝔾qn

12

Decoding interleaved Reed Solomon codes

An instance of the Simultaneous Polynomial Reconstruction (SPR) is (yl)1≤l≤L = (yil)1≤i≤n

1≤l≤L

such that there exist

• E ⊂ {1, . . . , L},
• polynomials (f1, . . . , fr), with deg(fi) ≤ df
• yl = f(αl)

l / ∈ E yl = f(αl) l ∈ E The solution of the SPR is the tuple f = (f1, . . . , fn) ∈ (Fq[x])n

y1 y2 y3 y4 … yL

13

Decoding interleaved Reed Solomon codes

An instance of the Simultaneous Polynomial Reconstruction (SPR) is (yl)1≤l≤L = (yil)1≤i≤n

1≤l≤L

such that there exist

• E ⊂ {1, . . . , L},
• polynomials (f1, . . . , fr), with deg(fi) ≤ df
• yl = f(αl)

l / ∈ E yl = f(αl) l ∈ E The solution of the SPR is the tuple f = (f1, . . . , fn) ∈ (Fq[x])n

f(흰1) f(흰3) … f(흰L)

13

Decoding interleaved RS codes

f1(흰1) f1(흰3) … f1(흰L) f2(흰1) f2(흰3) … f2(흰L) f3(흰1) f4(흰1)

. . .

fn(흰1) f3(흰3) f4(흰3)

. . .

fn(흰3) … … … f3(흰L) f4(흰L) fn(흰L)

. . . . . .

14

Decoding interleaved RS codes

f1(흰1) f1(흰3) … f1(흰L) f2(흰1) f2(흰3) … f2(흰L) f3(흰1) f4(흰1)

. . .

fn(흰1) f3(흰3) f4(흰3)

. . .

fn(흰3) … … … f3(흰L) f4(흰L) fn(흰L)

. . . . . .

BW decoding for RS

f1(x) 14

Decoding interleaved RS codes

f1(흰1) f1(흰3) … f1(흰L) f2(흰1) f2(흰3) … f2(흰L) f3(흰1) f4(흰1)

. . .

fn(흰1) f3(흰3) f4(흰3)

. . .

fn(흰3) … … … f3(흰L) f4(흰L) fn(흰L)

. . . . . .

BW decoding for RS

fn(x)

In this way,

• recover f = (f1, . . . , fn) ∈ (Fq[x])n,
• correct up to L−df−1

2

errors (MDS).

14

Decoding interleaved RS codes

Theorem [BKY03] Given (yil)1≤i≤n

1≤l≤L

∈ (Fq)nL where e ≤ |E| = n(L−df−1)

n+1

Probabilistic assumptions Assume that for any i ∈ {1, . . . , n},

• l ∈ E, yil are uniformly distributed over Fq,
• l /

∈ E, yil = fi(αl) and f1, . . . , fn are uniformly distributed over the vector space of polynomials of Fq[x] of degree at most df; The linear system,        [m1(αl) = y1lΛ(αl)]1≤l≤L . . . [mr(αl) = ynlΛ(αl)]1≤l≤L (2) admits at most one solution with probability at least 1 − e/q.

15

Decoding interleaved RS codes

Theorem [BMS04] Given (yil)1≤i≤n

1≤l≤L

∈ (Fq)nL where e := |E| = n(L−df−1)

n+1

Probabilistic assumptions Assume that for any i ∈ {1, . . . , n},

• l ∈ E, yil are uniformly distributed over Fq,
• l /

∈ E, yil = fi(αl), The linear system,        [m1(αl) = y1lΛ(αl)]1≤l≤L . . . [mr(αl) = ynlΛ(αl)]1≤l≤L (3) admits at most one solution with probability at least 1 − exp(1/(qr−2))

q

.

16

Decoding interleaved RS codes

If n ≥ 1 then, probabilistic assumptions ↓

n(L−df−1) n+1

≥

L−df−1 2

↓ ↓ unique decoding unique decoding error probability O(1/q) Under some probabilistic assumptions it is possible to decode beyond the unique decoding bound.

17

Decoding interleaved RS codes

If n ≥ 1 then,

n(1−R) n+1

≥

1−R 2

0.2 0.4 0.6 0.8 1 0.2 0.4 0.6 0.8 1 Rate (R) Fraction of errors (p) 1 − R

1−R 2

1 − √ R

17

Our scenario

A(x)f(x)=g(x)b(x) The Problem

uniquely reconstruct the vector solution <——> LBK Boyer et al. <—> BW Our method <—> decoding iRS

Probabilistic assumptions

reconstruct the vector solution error probability O(1/q) <——> L ≤ LBK

We focus on the square case m = n.

18

Our scenario

흰l bl Al

=b(흰l) ≠b(흰l) =A(흰l) ≠A(흰l)

uniformly random entries

• ver 픽q

uniformly random entries

• ver 픽q

We fjx L := n(df+e+1)+dg+e

n

evaluation points, where

• df ≥ deg (f) := max1≤i≤n deg (fi),
• dg = deg (g),
• e is a bound on the number of erroneous evaluations

e ≥ |E| := |{l ∈ {1, . . . , L} | Alf(αl) = g(αl)bl}|.

19

Generalization of the decoding of interleaved RS codes

For any l ∈ {1, . . . , L} we study the homogeneous linear systems Alγl − σlbl = 0 Since Al is full rank, the kernel is one-dimensional. Let (γl, σl) = (γl1, . . . , γln, σl) be the generator of the kernel, then yl := γl σl =    = f(αl)

g(αl)

l / ∈ E = f(αl)

g(αl)

l ∈ E uniformly random

20

Generalization of the decoding of interleaved RS codes

Now, we consider the key equations        ϕ(α1) − y1ψ(α1) = 0 . . . ϕ(αL) − yLψ(αL) = 0 (4)

• ϕ = (ϕ1, . . . , ϕn) ∈ (Fq[x])n and deg(ϕi) ≤ df + e,
• ψ ∈ Fq[x], deg(ψ) ≤ dg + e.

21

Generalization of the decoding of interleaved RS codes

Now, we consider the key equations        ϕ(α1) − y1ψ(α1) = 0 . . . ϕ(αL) − yLψ(αL) = 0 (4)

• The system has nL equations and

n(df + e + 1) + dg + e + 1 = nL + 1 unknowns, i.e. the coeffjcients of ϕ and ψ.

• If the rank of the coeffjcient matrix is nL, the kernel is
• ne-dimensional and (ϕ, ψ) its generator is

ϕ = Λf, ψ = Λg.

21

Generalization of the decoding of interleaved RS codes

Theorem (Guerrini, Z. 2019) Under the previous assumptions, Pr[rank < nL] ≤ exp(1 − qn−2) q The error probability is O(1/q). Moreover if n ≥ 1, L = n(df + e + 1) + dg + e n ≤ df + dg + 2e + 1 = LBK

22

Generalization of the decoding of interleaved RS codes

Data: (Al, bl)1≤l≤L and df, dg, e Result: (f, g) or fail L := ⌈ n(df+e+1)+dg+e

n

⌉; fjnd a basis {(γl, σl)} of the right kernel of Alγl − σlbl = 0 for l = 1, . . . , L; yl := γl

σl ;

construct the key equation (4) and, given M the coeffjcient matrix; if rank(M) == n(df + e + 1) + dg + e then fjnd a basis {(ϕ, ψ)} of the right kernel of M; Λ := GCD(ϕ, ψ); f := ϕ

Λ and g := ψ Λ ;

else return fail end

23

Experiments and conclusions

Experiments

We implement our algorithm in SageMath. We apply 100 times our method to solve 100 different polynomial linear systems of size 3 and number of errors 4. We denote,

• p∗ represents the number of times in which the rank is less than

nL,

• p the percentage of theoretical error probability of our theorem,

exp(1−qn−2) q

We obtain the following results: q p∗ p 25 0, 9% 3, 22% 26 0, 33% 1, 58% 29 0, 16% 0, 19%

24

Open Problems

• Study the rank drops case,
• better upper bound the error probability,
• dg ≥ deg(g).

25

Thanks for your attention.

25

References i

References

Brice Boyer and Erich L. Kaltofen. “Numerical Linear System Solving with Parametric Entries by Error Correction”. In: Proceedings of the 2014 Symposium on Symbolic-Numeric Computation. SNC ’14. Shanghai, China: ACM, 2014, pp. 33–38. isbn: 978-1-4503-2963-7. doi: 10.1145/2631948.2631956. url: http://doi.acm.org/10.1145/2631948.2631956.

26

References ii

Daniel Bleichenbacher, Aggelos Kiayias, and Moti Yung. “Decoding of Interleaved Reed Solomon Codes over Noisy Data.”. In: J.C.M. Baeten, J.K. Lenstra, J. Parrow, G.J. Woeginger (eds) Automata, Languages and Programming. ICALP 2003. Lecture Notes in Computer Science, vol. 2719. Springer, Berlin, Heidelberg., 2003.

• A. Brown, L. Minder, and A. Shokrollahi. “Probabilistic

decoding of interleaved RS-codes on the q-ary symmetric channel”. In: International Symposium onInformation Theory, 2004. ISIT 2004. Proceedings. June 2004,

• pp. 326–326. doi: 10.1109/ISIT.2004.1365363.

27

References iii

Erich L. Kaltofen, Clément Pernet, Arne Storjohann, and Cleveland Waddell. “Early Termination in Parametric Linear System Solving and Rational Function Vector Recovery with Error Correction”. In: Proceedings of the 2017 ACM on International Symposium on Symbolic and Algebraic

• Computation. ISSAC ’17. Kaiserslautern, Germany: ACM, 2017,
• pp. 237–244. isbn: 978-1-4503-5064-8. doi:

10.1145/3087604.3087645. url: http://doi.acm.org/10.1145/3087604.3087645.

28